\r
} else {\r
$query = 'select * from '.sql_table('plug_gallery_comment').\r
- ' where cpictureid='.$this->itemid.' order by ctime';\r
+ ' where cpictureid='.intval($this->itemid).' order by ctime';\r
$comments = sql_query($query);\r
$this->commentcount = mysql_num_rows($comments);\r
\r
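Review bot: The `intval()` cast is repeated at each query site (here in the `where cpictureid=` clause, and again in the amountComments() and insert hunks) instead of being applied once where `itemid` is assigned, so any other query that reads `$this->itemid`, or one added later, is left uncast. If the assignment lives in this class (it is not visible in these hunks), `$this->itemid = intval($itemid);` at that point would cover every use. Note also that `intval()` maps a non-numeric value to 0, so a malformed id now silently queries picture 0; rejecting a non-numeric id before the query is built would make that case explicit. The enclosing function starts and ends outside the hunk.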
function amountComments() {\r
$query = 'select count(*)'.\r
' from '.sql_table('plug_gallery_comment').\r
- ' where cpictureid='.$this->itemid;\r
+ ' where cpictureid='.intval($this->itemid);\r
$res = sql_query($query);\r
$arr = mysql_fetch_row($res);\r
return $arr[0];\r
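Review bot: `$res` is handed to `mysql_fetch_row()` without a check that `sql_query()` succeeded, so if that wrapper can return false the function yields null instead of a count. A guard such as `if (!$res) return 0;` before the fetch, together with `return intval($arr[0]);`, would give callers a consistent integer. The closing brace of amountComments() is outside the hunk.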
$host = addslashes($comment['host']);\r
$ip = addslashes($comment['ip']);\r
$memberid = intval($comment['memberid']);\r
- $pictureid = $this->itemid;\r
+ $pictureid = intval($this->itemid);\r
\r
$query = 'insert into '.sql_table('plug_gallery_comment').\r
'(cbody, cuser, cmail, chost, cip, cmemberid, ctime, cpictureid) '.\r
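Review bot: `addslashes()` on `$comment['host']` and `$comment['ip']`, just above the changed line, is not aware of the connection character set, so these string values remain more weakly protected than the integer now is. With the mysql_* extension this file already calls, `mysql_real_escape_string()` (or the project's own SQL escaping wrapper, if it has one) is the appropriate call for values placed inside quoted literals. How cbody, cuser and cmail are escaped is not visible in this hunk and deserves the same check. The enclosing function starts before the hunk and the insert statement continues past it.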